Hosting Service Management

This chapter covers a number of common tasks that you may want to or need to perform with the Host Server.

Managing Admin User Accounts

The Admin Console of the Host Server allows you to creating additional Admin user accounts for managing the Host Server. Initially only one user account exists. This is the account you created when installing the Hosting Service.

There are 2 privilege levels:

  • Superuser: Superuser’s have unlimited access to the Host Server.
  • Administrator: Administrator’s have some limitations as to the operations they are able to perform.

Normally Administrator privileges are sufficient for managing the Host Server. A Superuser account is only required to perform certain configuration tasks, this includes:

  • Creation of new user accounts
  • Change user privileges
  • Configure external authentication for user accounts
  • Setup of email configuration
  • Setup of 2-factor authentication

The Superuser also specifies the maximum rows that can be view in the Admin Console user interface. Limiting the number of rows ensures that Administrators cannot view all data, they need to have more specific information about what they wish to view.

External Authentication

When using external authentication for Admin user account, credentials are located on an external authentication system, such as LDAP or Active Directory.

In this case, you must provide the Host Server with a URL that will be used to verify login, and retrieve user account information. This value is specified using the ExtAuthURL system setting.

When an user of an external account successfully logs in for the first time an account is automatically created for the user in the host Server. Future login for the user nevertheless requires confirmation by the external login service. The user External Reference is used to uniquely identify the user on both systems.

Securing the Admin Console

It is recommend that you carefully restrict access to the Admin Console. For Superuser accounts, you can activate 2-factor authentication which sends an authorisation email to a user to confirm access.

Apache itself offers further possibilities for limiting and controlling access. Using a RewriteCond you can limit access to certain fixed IP numbers. mod_authz_host (also known as mod_access) can be used to specify an IP address range (or subnet).

HTTPS access to the Admin Console should be required. In order to simply setup of a Host Server, SSL access is not required during the installation phase.

However, it is recommended that you configure your server to use a valid SSL certificate as soon as possible. Once you have done this, set the system setting HttpsUsedByAdmin to True to ensure that the Admin Console can only be accessed using HTTPS.

Managing Auto Tasks

There is a number of background jobs, called “Auto Tasks”, that are being performed by the Yvva-based td-hostserver service.

The behaviour of the Auto Tasks are controlled by the various settings available for each task.

The overall frequency of how often the background service will wake up can be changed by modifying the setting repeat in file /etc/td-hostserver.conf. The default value is 10 seconds.

Note that the frequency of the individual tasks can be defined differently. The extent that this can be modified depends on the task settings.

Close Sessions Task

This task is deletes TeamDrive Protocol v2 (TDPv2) sessions after a certain amount of idle time. The sessions are created by the TeamDrive Clients in order to upload data to the Host Server. If a session is removed, the client will automatically create a new session.

This task is not required for TeamDrive Protocol v3, which uses a signature-based authentication method that does not require session handling.

This task runs every 5 minutes.

Sum Disk Usage Task

When the TeamDrive Client accesses a Space, the bytes transferred over the network and the amount of data written to disk are recorded in a log entry.

This task sums the accumulated network traffic log entries per Space and Depot, and the disk usage per Space, Depot and Volume.

This task runs every 5 minutes.

Check Spaces with Limit Task

This task compares the current traffic total and disk usage to the traffic and disk limit set for a Depot. If any of these limits are exceeded the task sets the appropriate status flags for all Spaces in the Depot.

As long as they are set, the status flags prevent any further upload of data to the Spaces in the Depot.

If, after files are deleted in a Space, the disk limit is no longer exceeded, this task will remove the status flag for disk usage so that upload may continue.

If the traffic limit is exceeded, then the traffic limit status flag remains set until the end of the month (see “Reset Traffic Task” below).

This task runs every 5 minutes.

Reset Traffic Task

At the beginning of each month the traffic used per Depot is reset to zero. If the Depot traffic limit was exceeded, then this task removes the associated status flag from all Spaces in the Depot. This signals the TeamDrive Clients that upload of data may continue.

If the SpaceStatisticEnabled configuration setting is set to True, a monthly report containing detailed statistics like monthly traffic and disk usage for all existing Depots and Spaces within these depots will be created. See the section Reporting Usage Statistics in the Host Server Administration Guide for details.

Delete Space Task

Spaces that are deleted, either by the TeamDrive Client, or on the Admin Console are marked for deletion. The delete operation is then performed by this task.

The task removes all files associated with a Space, this includes the removal of data from the external S3-compatible Object Store if necessary.

Once all the data of a Space has been removed, the Space is marked as deleted, and is no longer visible in the Admin Console. Set the ShowDeletedObjects (see ShowDeletedObjects) setting to True in order to see previously deleted Spaces.

This task runs every 10 minutes.

Process S3 Logs Task

This task records network traffic used by TeamDrive Clients access the S3-compatible Object Store directly. This is done by downloading and scanning the access logs created by Object Store. For this to work, the S3LogBucketName must be specified (see S3LogBucketName).

See the section Enabling Object Store Traffic Usage Processing in the Host Server Administration Guide for further details.

This task runs every 5 minutes.

Cleanup API Log Task

This taks removes old entries in the API log. The APILogEntryTimeout (see APILogEntryTimeout) specifies how old, in days, a log entry must be before it is removed. If no value or zero is specified, then this taks does not execute.

This task runs every 24 hours.

Delete Public Files Task

A TeamDrive Client that uploads a Public file may specify an expiry date. This task removes public files that have expired.

This task runs every 30 minutes.

Volume Warning Task

This task sends an email notification if volume usage exceeds predefined thresholds. The thresholds are specified using the NotifyVolumeWarningLevel (NotifyVolumeWarningLevel) and NotifyVolumeCriticalLevel (NotifyVolumeCriticalLevel) settings.

The setting NotifyVolumeEmail (NotifyVolumeEmail) is used to specify the email address for the notification. In addition to this, the email configuration for the Hosting Service must be setup. How do do this is explained in the section: Enabling Two-Factor Authentication for Superusers.